Business Continuity Self-Assessment

Business disruptive events such as cyberattacks, technological failures, natural disasters, pandemics, loss of a key supplier etc. could have a negative impact on the achievement of your organizational objectives (strategic, financial, reputational,...).

Therefore, your organization (whether large or small) needs to be prepared and have adequate procedures and instructions in place that must be followed when faced with a disaster.
This way, a business continuity strategy helps your organization maintain resiliency, in responding quickly to an interruption.

Answers to the 10 questions of this self-assessment will provide you with a preliminary scoring of your Business Continuity Management.

Question Title

* I agree with the privacy statement

I agree

Question Title

* 1. Management has taken the responsibility to create, maintain, and communicate a business continuity strategy within your organization?

Yes

Question Title

* 2. A formalized business continuity plan (BCP) and IT disaster recovery plan (DRP) have been established within your organization?

Yes

Question Title

* 3. Key roles and responsibilities have been clearly defined and assigned in order to achieve your business continuity objectives?

Yes

Question Title

* 4. A risk assessment has been performed in order to identify the areas of exposure and possible threats (natural, technological, pandemic, loss of utilities, cybercrime…) that could potentially cause a business interruption?

Yes

Question Title

* 5. A business impact analysis (BIA) has been performed to determine the criticality of your business activities and related resource requirements (e.g. IT systems, SaaS applications, people) in order to ensure continuity of operations during and after a business disruption?

Yes

Question Title

* 6. The recovery time objectives (RTO) and the recovery point objectives (RPO) of your critical services have been determined and validated?

RTO = the amount of time following an unplanned incident that a service or technology can be unavailable.

RPO = the maximum data loss each system can tolerate following an unplanned incident.

Yes

Question Title

* 7. If you have outsourced (critical) processes, did you evaluate whether the business continuity capabilities of your third party service providers (including cloud/SaaS vendors) are in line with the expectations and business continuity objectives of your organization?

Yes

Not applicable, since no relevant services (including cloud services) have been outsourced

Question Title

* 8. Cloud services might be secured so they can only be accessed via the company network. Did you take into account the impact on your IT disaster recovery strategy when your cloud service will be unavailable in case your corporate network is down?

Yes

Not applicable

Question Title

* 9. When your key applications are down (including cloud applications), do you have workaround procedures in place to continue business activities?

Yes

Question Title

* 10. Have your business continuity and disaster recovery procedures (including exercises to verify the recovery time and recovery point objectives) been tested, at regular and planned intervals and with appropriate scenarios (e.g backup restore testing, Internet outage, personnel unavailability, ...)?

Yes